Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.2226 irssi security update 22 September 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: irssi Publisher: Debian Operating System: Debian GNU/Linux 8 UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2016-7045 CVE-2016-7044 Original Bulletin: http://www.debian.org/security/2016/dsa-3672 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running irssi check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3672-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : irssi CVE ID : CVE-2016-7044 CVE-2016-7045 Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client. For the stable distribution (jessie), these problems have been fixed in version 0.8.17-1+deb8u1. We recommend that you upgrade your irssi packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJX4uJ1XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw NTRDQjhGMzEzNDNDRjQ0AAoJEAVMuPMTQ89EioIP/RiBWnM6Wq0t3NzsXoX1Xcv9 dVkpJ6QAbGOsmZvXkJkB6qwVsb4C1SG3IoRx/DPrKAMPeg8b8YdU5j6HbatCvo9h pq6R/PUsL2jhg9pm+PNCM88uADb7mUDs8aK3ShbFJx+/YKNbeDCI3ZMULXdiMAWG zKH0EyFjJz4VPVDxkKhuhEA46KDhBPk3TIkwCv5PIhpBp973RD2x48nDX6laV7yF 7vUx3BFVpwkyVpqhoL0OZevyaNhP+Hw4J+DoQiyT8U0xHB3t4wT35lEBxqlVlR0d 03UPSCVA/k0vo5DqtL1ASmeZ3KmMKgUVPS0eeZ07embCdXH9xP6As9XPPxC1tyMB hsOcF+5vEKcAJPIIqejkWYbIoleX92FeBPzwEnAQPTxT0+RDmc79yOJvRTcHZ84x C3B5cclEkEfsperb0SRd4RPvN9FldUP9TEPXgSHTDya7VxNe7xpP+2mAI6JUHGyQ hL5WNj6u1MnfiCp6ZdvZfqWVzsKrd3W9sCl1poWI28MTk9IOPN+E2xjlOLDlJ3gZ uBxZv3DhaRQgYt3ECvykTyaAzl4kNP5OxkP5RDnJNQzorSgPm0xF+wO/ElnT0KhD 82e66OLby+5SW/mWNCsPjRvAs8/70iHvjErlZSqUSj8u0DRQGFljYmv7kQ5QRIoG jUbrSQ8OKE8DFMeus3dQ =Chg3 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV+M5kYx+lLeg9Ub1AQilZBAAmnxxnAjS7+3XPO2e5zZA1dYJw5JAodER eWMGLqYuaTcI4G45uzjtoK1QCUmZiuGrUR17bO20sLRpRUwedJVBcq0G2d7bPHU2 Oi/4odP9z0f+ECGdGrMiKJLOEFXQFGM7NA9i3I3HEEYicAF1eOXM/b24+dd4ijbw lmWXQSXUfuo7Nb4Um9M4fAKyZ3nI2XwiORMmCXI8h4+HDO6WgFjcYXEqZX/4mOsd OiFG3n3WXxgx/qfO5uHMg/gHz7FBtSPes1NQRl8vubVQgSB1zhp2W7b2XGkevHvA rcBVLNsyu1eKQvuUZSPEevHHFKs+jW+2GeMegvUh8Eh3un/OSs7Mlae6MoCoUBCZ 17Bthvc7tcEtOSdCn2RPbk4FB+7Y+IUVEEyivHz4thJQiWcQijfxNRI1/bE9LFeT /Y23vL3EPRAJYhK6uz4dbh+/vO4l/ROjZXpl15eL5NAjPHJPKxYBYdQPJOiAWp30 BUjegC5CfmLjTb8YiwJE9wXnbuPev8/aw31q6ryEBE49lNhEou7Z8TcOT6h4QdKk m9LsUqWjsEngRRj2lQ/n2ewC6lE79sGOGk7gbzF6FePNF1XZJc/T6pW9/zgpc6U4 kqdHz7+Nddh1FLwL3Q8TbVsJ7n1h6c55cv0l7W5F2KrD36fE9uFBEhApN/o/2/EI /IeGRGNE9tQ= =TRYN -----END PGP SIGNATURE-----